Are there any security mechanisms in RadarCube like those realized in MS Analysis?
Posted by Vladimir Lyutetsky on 19 March 2007 10:20 AM
RadarCube CONTAINS NO nested resources for restricting user's access to the Microsoft Analysis 2005 Cube data, since the task has been already solved by the developers of that OLAP-server. The main question here is how to enable the MSAS-nested access rights mechanism (based on user authentication in the Windows domain) by saving a feature to view the Cube contents from Internet.
Remember the general security principle in MS Analysis 2005: some roles, for which the certain access rights to the Cube data are handed out, are created for each Cube. Then, the Windows domain users are assigned the roles created in MS AS. Thus, to use a nested mechanism of MSAS security, you should, at least, get an authentication for the Internet user in the Windows domain.
But our main aim is creating a web-application where each of Internet-user could view the MS AS Cube data by using an independent kit of access rights.
So, for that you need to create enough MS AS roles, domain user accounts, and in some way, to tune a web-application settings. This can be done by using either a Basic-authentication of IIS, or the ASP.NET Forms Authentication Provider.
Connection to the MS Analysis server using the basic authentication
Place a web page with the RadarCube component in a catalog of a web-site (for example "Samples"), and then open the properties window of this folder in the "Computer management" window (for that, right-click the "My Computer" icon and then choose the "Manage" item in the menu).
Then right-click a folder containing a web-page with the RadarCube component, and choose the "Properties" item. In a dialog box, pass on to the "Directory Security" tab and press the "Edit" button selected with red.
In a dialog box "Authentication Methods", uncheck the "Enable anonymous access" and the "Integrated Windows authentication" checkboxes and tick off the "Basic authentication" checkbox.
Then, by pressing "Ok" button, save the changes you've made. That's all.
When you open a page in a protected folder, the web-browser will ask you to enter the name and the password of a domain user whose rights will be used for completing the code of the specified web page. Thus, all MDX-commands accomplished by RadarCube will be fulfilled under the rights of a user who passed authorization and who, in his turn, has or doesn't have certain rights as a MS AS user.
Connection to the MS AS server using the ASP.NET Forms authentication
For this, enable anonymous access in IIS and configure your Web application's web.config file to use Forms Authentication. For example:
In a given example, the Forms mode is configured in the <authentication> section. User authentication is applied when addressing the "Cube.aspx" page (it is defined in the <location> section). The user authentication process is fulfilled on the login.aspx page described below.
The Login_Click server method code should look like as follows: